Hi There,
We've noticed an issue with AEM 6.1 using SAML integration on a Publish server. We have a server which allows anonymous access to all pages, but also allows users to log in via SAML.
What we have found is that when the session expires, the server requests return a 403 error - even though the pages should be accessible to everyone.
Is there a *standard* way to clear the session token? I notice there is the Token Cleanup Handler in OSGi config [1], which is supposed to default to 1 hour (actually defaults to 24 hours).
We also looked at the Oak documentation at this link [2] regarding "Token Removal" - noticing the token did not get removed automatically.
Thanks,
Tim
1. http://localhost:4503/system/console/configMgr/com.day.crx.security.token.impl.TokenCleanupTask
2. http://jackrabbit.apache.org/oak/docs/security/authentication/token/default.html